2137 matches found
Everest Forms Pro <= 1.9.12 - Unauthenticated RCE via Calculation Formula Injection
The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
GHSA-5PMV-RX8R-WMV5 jxl-grid on 32-bit platforms has an out-of-bounds writes due to integer overflow
Summary On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use Address Sanitizer, which ignores...
PYSEC-2026-723 Out-of-bounds Read in OpenCV
An out-of-bounds read was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.0.25. Specifically, variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this is not true when dealing with small images, leading...
CVE-2026-49414
CVE-2026-49414 is a local ASLR bypass in FreeBSD: the ELF image activator clears per-process ASLR preferences for setuid binaries after computing the PIE base, allowing an unprivileged local user to disable ASLR for a setuid PIE binary via procctl(2) before execve(2). This makes exploitation of a...
DEBIAN-CVE-2026-53312
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather-end of ULONGMAX, but if this happens it will infinite loop because of the overflow. Also avoid...
EUVD-2026-39847
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather-end of ULONGMAX, but if this happens it will infinite loop because of the overflow. Also avoid...
GHSA-RM3J-F69W-WQMQ golang.org/x/crypto vulnerable to infinite loop on large channel writes
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...
CVE-2026-53171
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dmalength dmalength derives DMA region usage from command stream values and updates regionsize: len = len + stride0 size0 + stride1 size1 regionsizeregion = max..., len + dma-offset Several...
EUVD-2026-38881
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlangetsize not reserving space for IFLAMACVLANBCCUTOFF macvlangetsize does not account for IFLAMACVLANBCCUTOFF, but macvlanfillinfo conditionally includes it when port-bccutoff != 1. This causes nlaputs32 to fail...
EUVD-2026-38836
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic kvms390pciaifenable, kvms390pciaifdisable, and aenhostforward index the GAIT by manually multiplying the index with sizeofstruct zpcigaite. Since...
CVE-2026-53013
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlangetsize not reserving space for IFLAMACVLANBCCUTOFF macvlangetsize does not account for IFLAMACVLANBCCUTOFF, but macvlanfillinfo conditionally includes it when port-bccutoff != 1. This causes nlaputs32 to fail...
CVE-2026-53013 macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlangetsize not reserving space for IFLAMACVLANBCCUTOFF macvlangetsize does not account for IFLAMACVLANBCCUTOFF, but macvlanfillinfo conditionally includes it when port-bccutoff != 1. This causes nlaputs32 to fail...
CVE-2026-53013
The CVE-2026-53013 issue affects the Linux kernel macvlan netlink code. A bug in macvlan_get_size() did not reserve space for IFLA_MACVLAN_BC_CUTOFF, while macvlan_fill_info() would include that attribute when port->bc_cutoff != 1. As a result, nla_put_s32() could fail with -EMSGSIZE when the ...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: kexec: deriving the entry from the purgatory symbol The kexecloadpurgatory function derives image-start by locating eentry within an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Media: ccs – Avoid possible division by zero Calculating the maximum value of M for scaler configuration involves dividing by the value of the MINXOUTPUTSIZE limit register. Although this value is presumably non-zero, the driver...
CVE-2026-52934 batman-adv: tvlv: reject oversized TVLV packets
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...
PT-2026-52005
Name of the Vulnerable Software and Affected Versions Linux kernel version 6.19.0-rc5 Description A null pointer dereference issue exists in the bpf lwt xmit push encap helper. The issue occurs because the skb- skb refdst variable may not be initialized when the socket buffer skb is set up by the...
PT-2026-51727
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv tvlv container list size function uses a u16 return type and accumulator. When the accumulated size of registered containers...
PT-2026-49341
Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A flaw exists in the WavPack audio decoder within gst-plugins-good. An integer overflow occurs during the buffer size calculation 4 block samples channels inside the gst wavpack dec handle...